Administration, Editorials, Ethics

Surprise! Data Folks Will Have to Drive GDPR/Privacy Protections

We work with a product line that produces online event for companies (bear with me, this isn’t an ad).  This is for webinars, virtual conferences, etc.  The goal of nearly every one of these events is to gather information about your attendees to be able to better serve them by knowing what they’re most interested in.  So, to that end, the customer (the one holding the event) and the sponsors (the ones paying the customer to hold the event) are looking for key information on attendees, on traffic, on usage of the platform.

Seems pretty logical.  But I keep getting more requests for removing the “please note that your info will be shared if you do not deselect this box” stuff on registration (we don’t remove it) and for open sharing of all attendee information in the environment between attendees, vendors, etc.  (We don’t support this either). So more and more, I’ve been having conversations with customers and end-users explaining that privacy is a thing, that both legally and ethically they own their data and get to determine who to share with.  Sure, you can make it a requirement for your event, but you need to be clear about that.

So this leads me to the realization that, as data folks, this is going to come down to us all, collectively.  For a while at least, we’re going to have to pay very close attention to how data is gathered, authorized, used and shared.  This isn’t just a GDPR thing, this is being a good information citizen IMHO.  Transparency and clear controls are going to be very, very important to maintain trust with users (attendees) and with anyone sharing information as the price of admission.

It’s easy to talk about these things.  It’s somewhat more difficult to deploy them, as there are protections and rules and best practices to follow and it’s no longer a “is it cool to get your info” – now it needs ways to rescind that permission or control aspects of it where possible.

It’s even more difficult though, if you get it wrong.  And there are “pure” IT things that need to be dealt with on top of simple permission management.  Protecting data all along the way, but now, even OUTBOUND is part of your purvey if you provide information to outside parties.  Part of the thing regulations (read as: GDPR) are doing is that they’re trying to close the circle so there is responsibility all along the path of data acquisition and use.  So if you send information to someone in an excel sheet, you better be encrypting and protecting it and doing the things needed to make sure it’s taken care of.  These are new responsibilities and indeed ethics associated with data that impact us all.

So, while I hesitate to call it a gatekeeper function, I do believe we’re in the best position collectively to make sure steps are taken, that this whole thing is part of the overall conversation and process of bringing solutions, updates and such online.  I think it’s a perfect fit for understanding and working the things we all do, and I also think it’s really can’t exist almost anywhere else in the data food chain.